Possible to consume AAD authenticated Azure functions from Power BI and Power Apps?

In Power BI we get this error when trying to make a web connection:

"We couldn't authenticate with the credentials provided. Please try again"

The Azure function app is registered in our AAD. The function is a C# httptrigger with this code:

using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Threading.Tasks;

public static async Task<HttpResponseMessage> Run(HttpRequestMessage req, TraceWriter log)
{
    // Read the claims of the authenticated caller
    ClaimsIdentity userClaimsId = ClaimsPrincipal.Current.Identity as ClaimsIdentity;
    var claims = userClaimsId.FindAll(ClaimTypes.Upn);
    var groups = userClaimsId.Claims.Where(x => x.Type.Equals("groups")).ToList();
    var upns = userClaimsId.Claims.ToList();
    var roles = userClaimsId.Claims.Where(x => x.Type.Equals("upn")).ToList();
    // Return the caller's "groups" claims in the response body
    return req.CreateResponse(HttpStatusCode.OK, groups);
}

We are attempting to connect from Power BI Desktop via the Get Data > Web option using an organizational account in our same AAD. When we call the function from a browser it prompts for login and seems to return data.


Soubriquet answered 25/1, 2018 at 21:41 Comment(4)
Can you turn this into a question and make it more specific about where the failure is coming from? 1. Is that error coming from PowerBI or from your Azure Function? 2. I'm assuming your Azure function is an HTTP trigger? Can you invoke it explicitly (outside of PowerBI) via Fiddler/Postman? 3. How exactly are you invoking Functions? A webhook? An M connector? - Salzhauer
Question details added. C# trigger. Tested and works from browser and Postman. - Soubriquet
When you say it works from browser and Postman - are the browser and Postman requesting the data using the Organizational account credentials? - Fitzger
Yes. When called the first time it prompts for authentication and then returns data. - Soubriquet

The token that Power BI Desktop obtains from AAD when you sign in with an organizational account is for the https://yourfunction.azurewebsites.net audience. But when you configure AAD authentication for your Azure Function App, by default the audience configured is https://yourfunction.azurewebsites.net/.auth/login/aad/callback. That's why you receive an access denied.

So you can go to the AAD authentication settings of your Azure Function App, click AAD > Advanced > and enter the new allowed token audience there (see below, marked in red). Make sure to click OK, and to save the changes.

[Image: screenshot of the AAD Advanced settings with the allowed token audience marked in red]

Sunburst answered 1/2, 2018 at 16:23 Comment(2)
By chance have you ever connected to an AAD-secured Azure function like this from Power Apps? - Soubriquet
I'm glad it worked. In regards to Power Apps, I never did it, but I would start here learn.microsoft.com/en-us/azure/azure-functions/… or here learn.microsoft.com/en-us/connectors/custom-connectors - Sunburst
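
The audience mismatch described in the answer above can be confirmed from outside the function app. This is an added example, not code from the answer or from Microsoft: a diagnostic that decodes a token's `aud` claim without verifying the signature and compares it with the allowed audiences. The sample token, the `user@example.com` UPN, the helper names and the exact-string comparison are assumptions constructed for illustration.

```python
import base64
import json


def b64url(data: bytes) -> str:
    """base64url-encode without padding, as used in compact JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode the payload of a JWT WITHOUT verifying its signature.
    Diagnostic use only: never base an authorization decision on this."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audience_accepted(token: str, allowed_audiences: list) -> bool:
    """True if the token's aud claim is in the allowed list.
    Assumption: audiences are compared as exact strings."""
    aud = jwt_claims(token).get("aud")
    token_auds = aud if isinstance(aud, list) else [aud]
    return any(a in allowed_audiences for a in token_auds)


# Constructed sample values, using the placeholder host name from the answer.
APP_URL = "https://yourfunction.azurewebsites.net"
DEFAULT_AUDIENCE = APP_URL + "/.auth/login/aad/callback"


def make_sample_token(aud: str) -> str:
    """Build an unsigned, constructed token carrying the given audience."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"aud": aud, "upn": "user@example.com"}).encode())
    return f"{header}.{payload}.constructed-signature"


# Token shaped like the one Power BI Desktop obtains: aud is the bare app URL.
POWER_BI_TOKEN = make_sample_token(APP_URL)

if __name__ == "__main__":
    print("aud claim:", jwt_claims(POWER_BI_TOKEN)["aud"])
    print("default config accepts:", audience_accepted(POWER_BI_TOKEN, [DEFAULT_AUDIENCE]))
    print("after adding app URL:", audience_accepted(POWER_BI_TOKEN, [DEFAULT_AUDIENCE, APP_URL]))
```

To check a real token, pass it to `jwt_claims` and compare the printed `aud` value with the allowed token audiences configured on the function app.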
